n0n Guru
Joined: 13 Jun 2002 Posts: 355
|
Posted: Thu Aug 08, 2002 4:19 pm Post subject: ARP traffic |
|
|
Hello!
I decided to take a closer look at what kind of packets are being thrown around on my network (connected via Time Warner's Road Runner service - bleah), and I noticed that I had over 4 MB of unaccounted incoming traffic since I had turned by box on in the morning. Concerned that I might be getting h4x0r3d or something, I started up a tcpdump for a little while and then had a look. As it turns out, basically ALL of this incoming traffic came from ARP requests.
Now, I know that ARP is a protocol for matching IP addresses to hardware addresses, and that's it's somewhat vital for things to Work Properly, as it were, but the rate at which I was getting these requests seemed a little excessive. At the current rate, it works out to over 1MB per hour of just ARP traffic. Does that sound right? I went scouring the net to see what I could find, and I found some pretty good info off of this page, but nothing saying how much of this traffic I should be getting, or if I should be concerned with blocking some of it somehow (although iptables won't work, 'cause it's not an IP-based protocol - I did find some patches for something called "arptables" at iptables.org, which seems to have made it into 2.4.19, although I found little documentation for it), but I'm still not quite sure if I should be worried about it or not.
I was considering calling up Time Warner to see what they had to say on the matter, but I wanted to actually know what I was talking about first. Can anyone point me to some good links, or provide some information? Thanks! |
|